Is it okay to save your private keys to iCloud?
Should you save your private keys to iCloud, even if you ‘lock’ the document from your Notes app? That should keep your crypto seed phrases secure, right?
Here’s what you should know!
Table of Contents
- What are crypto seed phrases and why do they matter?
- Risks to saving your crypto seed phrase to iCloud
- How to store your private keys in a secure hardware wallet
- Backing up your private keys to iCloud is very risky!
What are crypto seed phrases and why do they matter?
Crypto seed phrases allow you to access your crypto wallet. This phrase is unique to your wallet and is 12, 18, or 24 words long.
As long as you have your seed phrase, you can access the digital assets held in that wallet. This is especially helpful if you lose access to your wallet, or to a device that was holding it.
It’s a statistical improbability that anyone would ever guess your seed phrase. However, this doesn’t protect you from losing access to your own cryptocurrency wallet. It also doesn’t protect you from giving away your seed phrase in a scam!
If you do ever make one of these mistakes, you will absolutely need your seed phrase to access that wallet from another device, and salvage as much of your digital asset holdings as possible.
Risks to saving your crypto seed phrase to iCloud
Since the early 2010s, Apple operating systems have seen a steadily increasing share of the PC and mobile market in the United States. Many enjoy the ecosystem for its ability to easily sync files across any new devices they purchase.
As such, it’s no wonder that some look to save their private keys to iCloud via the Notes app.
It’s easy to access.
But does it leave these users vulnerable to scams, hacks and data breaches?
Below are some of the most common risks of backing up your crypto seed phrases to iCloud.
It’s estimated that over 90% of all data breaches start with phishing. This is when someone tries to steal your personal information by getting you to input your data on a website that appears legitimate.
You may be moving quickly and not notice subtle red flags in the website URL, or perhaps the scam incorporates high-quality work from a talented graphic artist or software development team.
In either case, the website is a shell of the real thing designed to extract your seed phrase by clever means. These phishing websites can and do, in some cases, collect any presented information on the website including:
- Credit card information
- Crypto seed phrases.
For example, let’s say you receive an email asking you to update your Apple account. Software updates are released to the public often, and if the email is well-designed with Apple’s branding, you may not think to check the email’s headers with Google’s free Message header tool to verify its validity.
Chances are that the phishing scam even uses some sort of authentic Apple email address, further lowering your guard. So, you click on the link and unwittingly enter your login credentials.
That’s all it takes.
Now, the phishers have access to your iCloud and everything inside of it. That includes every password you’ve saved to the password manager, your browser history (which reveals which blockchains you interact with) and more.
If the password protecting the private keys you backed up to iCloud via the Notes app is one you’ve also used elsewhere, then the phishers now also have access to your private keys.
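The header check mentioned above can also be done by hand. The following is an added example, not part of the original article or any SecuX tooling: it reads the SPF, DKIM and DMARC verdicts from a message's `Authentication-Results` header and compares the `Reply-To` domain with the visible `From` domain. The sample message and the `example.net` / `example.org` domains are constructed, and exact domain comparison is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): the visible From claims apple.com,
# but the mail was sent and signed by an unrelated placeholder domain.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=pass header.d=mailer.example.net;
 dmarc=fail header.from=apple.com
From: "Apple Support" <no-reply@apple.com>
Reply-To: account-update@mailer.example.net
To: user@example.org
Subject: Update your Apple account

Please sign in to update your account.
"""


def domain_of(header_value):
    """Domain part of an address header, lower-cased ('' if absent)."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower() if "@" in address else ""


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts


def header_red_flags(raw_message):
    """Return a list of reasons to distrust the message's claimed sender."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    verdicts = auth_results(msg)
    flags = [f"{m}={verdicts.get(m, 'missing')}"
             for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]
    reply_domain = domain_of(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        flags.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    return flags


if __name__ == "__main__":
    for flag in header_red_flags(SAMPLE_MESSAGE):
        print("RED FLAG:", flag)
```

Only trust an `Authentication-Results` header that your own mail provider added; a sender can insert a forged one further down the header list.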
Single point of failure
Next, have you considered that backing up your private keys to iCloud creates a single point of failure for a hacker to gain access to all of your digital assets?
This was demonstrated above as we discussed phishing scams as an example. However, if iCloud servers malfunction and experience an outage, and you don’t have your private keys stored elsewhere, this technical risk could stand between you and crypto safety. Since iCloud is inherently always connected to the internet, your cold storage is constantly under threat from hackers or data breaches.
That’s why you should always have multiple backups–especially those that are stored offline and in a safe space. This reduces the single point of failure risk, and even gives you peace of mind knowing that your holdings are safe in an offline environment.
If you store your private keys offline, you’re always in control over who can access them.
Apple owns the keys to your iCloud
One of cryptocurrency’s primary advantages is the personal autonomy and sovereignty you can have over your digital asset holdings. As such, it removes third parties from the equation, so that you can be responsible for your own money.
But if you back up your seed phrase to iCloud, you willingly give up that control.
Apple can access your account and retrieve your information. While the company boasts its powerful encryption on individual devices, it does not make the same claims about content uploaded to iCloud.
When law enforcement requests access to iCloud accounts involved in investigations, Apple complies most of the time. This should raise serious concerns for anyone who values data privacy.
How to store your private keys in a secure hardware wallet
After you purchase cryptocurrency, the safest strategy is to transfer it to a hardware wallet for safekeeping. Software wallets may be convenient for trading, but they are stored online.
This article has sought to highlight the online risks associated with backing up private keys to iCloud.
Offline seed phrase storage solutions are subject to far fewer eyes, and are thus much safer and more secure. As long as your wallet is offline, online hackers can’t access your crypto.
SecuX wallets are equipped with state-of-the-art security features, including an Infineon SLE solid Flash CC EAL5+ Secure Element chip. This chip securely stores your unique private keys and enables zero transaction leakage. All your transactions are verified without the private keys ever leaving the device.
In addition, the Infineon Secure Element Chip comes with a unique built-in security feature. It has a self-destruct mechanism that activates when exposed to light.
This prevents someone from breaking into the wallet and stealing your data.
X-Seed: Save your seed phrases on stainless steel!
However, it’s not just enough to have a highly secure hardware wallet. You also need a safe way to back up your recovery phrase.
As mentioned above, suppose your wallet gets damaged, stolen, or lost. You’ll need this recovery phrase to regain control of your wallet and access your crypto.
Steel seed backups like the X-Seed series remove all of the technological risk associated with safe seed phrase management. These can be lost, and we’d recommend storing your information on more than one to limit that risk.
However, they allow you to keep your seed phrase on a durable metal plate that you can hide away in a safe place. All X-Seed models are fireproof and waterproof to ensure extreme protection from physical damage.
Each model features a different input method, so you can choose the one that suits you best.
The X-Seed comes with an engraver pen to write down your recovery words on an aluminum sheet.
The X-Seed Plus features a steel punch for consistency and durability. And the X-Seed Pro uses laser-engraved tiles for the ultimate indestructible backup system.
After inputting your recovery seed phrase, you can use the included tamper-proof stickers to seal the edges. This extra layer of security ensures your seed phrase is safe from prying eyes. If the sticker seal is broken, you know someone accessed your steel wallet.
Lastly, keep your backup seed device in a safe location known only to you or a trusted family member. It’s recommended to have two backups in separate, secure locations in case one is destroyed or lost.
Backing up your private keys to iCloud is very risky!
In closing, we don’t see using iCloud as a safe way to save your crypto seed phrases–yes, even if you lock the document on your Notes app. The risks are just too high and you’ve worked too hard to leave yourself vulnerable.
Stay vigilant when conducting crypto transactions or interacting with any blockchain-based applications. There are plenty of hackers and scammers seeking to take advantage of newcomers to crypto.
Furthermore, the underlying code maturity of the growing DeFi ecosystem is still, well, immature. At this early stage, there is always a non-zero possibility that codebases will be exploited.
This is why SecuX’s crypto seed phrase storage solutions for digital asset management have been procured with such care and attention to detail. With all of the risks in this nascent industry, we want to do our part by contributing to better crypto security to be enjoyed by all!
Have any questions or would like to contact the SecuX team for any reason? Drop us a line and we will respond to you as quickly as possible!